Lucene search

CiscoCISCO-SA-20150325-MDNS

HistoryMar 25, 2015 - 4:00 p.m.

Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability

2015-03-2516:00:00

tools.cisco.com

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

56.2%

JSON

A vulnerability in the multicast DNS (mDNS) gateway function of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to reload the vulnerable device.

The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending malformed IP version 4 (IPv4) or IP version 6 (IPv6) packets on UDP port 5353. An exploit could allow the attacker to cause a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns”]wo

Note: The March 25, 2015, Cisco IOS & XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS & XE Software Security Advisory Bundled Publication at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html[“http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html”]

Affected configurations

Vulners

Node

ciscoiosMatch15.1sy

ciscoiosMatch15.3s

ciscoiosMatch15.4t

ciscoiosMatch15.2e

ciscoiosMatch15.2jb

ciscoiosMatch15.4s

ciscoiosMatch15.4m

ciscoiosMatch15.4sn

ciscoiosMatch15.3jn

ciscoiosMatch12.4jap

ciscoiosMatch15.3ja

ciscoiosMatch15.3jnb

ciscorvs4000_softwareMatch3.3se

ciscorvs4000_softwareMatch3.3xo

ciscorvs4000_softwareMatch3.5e

ciscorvs4000_softwareMatch3.10s

ciscorvs4000_softwareMatch3.11s

ciscorvs4000_softwareMatch3.12s

ciscorvs4000_softwareMatch3.13s

ciscorvs4000_softwareMatch3.6e

ciscoiosMatch15.1\(2\)sy

ciscoiosMatch15.1\(2\)sy1

ciscoiosMatch15.1\(2\)sy2

ciscoiosMatch15.1\(2\)sy3

ciscoiosMatch15.3\(3\)s

ciscoiosMatch15.3\(2\)s2

ciscoiosMatch15.3\(3\)s1

ciscoiosMatch15.3\(3\)s2

ciscoiosMatch15.3\(3\)s3

ciscoiosMatch15.3\(3\)s1a

ciscoiosMatch15.3\(3\)s2a

ciscoiosMatch15.4\(1\)t

ciscoiosMatch15.4\(2\)t

ciscoiosMatch15.4\(1\)t2

ciscoiosMatch15.4\(1\)t1

ciscoiosMatch15.4\(2\)t1

ciscoiosMatch15.2\(1\)e

ciscoiosMatch15.2\(2\)e

ciscoiosMatch15.2\(1\)e1

ciscoiosMatch15.2\(1\)e2

ciscoiosMatch15.2\(1\)e3

ciscoiosMatch15.2\(2\)jb1

ciscoiosMatch15.4\(1\)s

ciscoiosMatch15.4\(3\)s

ciscoiosMatch15.4\(1\)s1

ciscoiosMatch15.4\(1\)s2

ciscoiosMatch15.4\(2\)s1

ciscoiosMatch15.4\(3\)m

ciscoiosMatch15.4\(3\)m1

ciscoiosMatch15.4\(3\)m2

ciscoiosMatch15.4\(2\)sn

ciscoiosMatch15.4\(2\)sn1

ciscoiosMatch15.4\(3\)sn1

ciscoiosMatch15.3\(3\)jn

ciscoiosMatch12.4\(25e\)jap1m

ciscoiosMatch15.3\(3\)ja1n

ciscoiosMatch15.3\(3\)jnb

ciscorvs4000_softwareMatch3.3.0se

ciscorvs4000_softwareMatch3.3.1se

ciscorvs4000_softwareMatch3.3.2se

ciscorvs4000_softwareMatch3.3.3se

ciscorvs4000_softwareMatch3.3.0xo

ciscorvs4000_softwareMatch3.3.1xo

ciscorvs4000_softwareMatch3.3.2xo

ciscorvs4000_softwareMatch3.5.0e

ciscorvs4000_softwareMatch3.5.1e

ciscorvs4000_softwareMatch3.5.2e

ciscorvs4000_softwareMatch3.5.3e

ciscorvs4000_softwareMatch3.10.0s

ciscorvs4000_softwareMatch3.10.1s

ciscorvs4000_softwareMatch3.10.2s

ciscorvs4000_softwareMatch3.10.3s

ciscorvs4000_softwareMatch3.10.1xcs

ciscorvs4000_softwareMatch3.10.2as

ciscorvs4000_softwareMatch3.10.2ts

ciscorvs4000_softwareMatch3.10.1xbs

ciscorvs4000_softwareMatch3.11.1s

ciscorvs4000_softwareMatch3.11.2s

ciscorvs4000_softwareMatch3.11.0s

ciscorvs4000_softwareMatch3.12.0s

ciscorvs4000_softwareMatch3.12.1s

ciscorvs4000_softwareMatch3.12.0as

ciscorvs4000_softwareMatch3.13.0s

ciscorvs4000_softwareMatch3.13.0as

ciscorvs4000_softwareMatch3.6.0e

ciscorvs4000_softwareMatch3.6.0ae

CPENameOperatorVersion
ioseq15.1SY
ioseq15.3S
ioseq15.4T
ioseq15.2E
ioseq15.2JB
ioseq15.4S
ioseq15.4M
ioseq15.4SN
ioseq15.3JN
ioseq12.4JAP

Name	Operator	Version
ios	eq	15.1SY
ios	eq	15.3S
ios	eq	15.4T
ios	eq	15.2E
ios	eq	15.2JB
ios	eq	15.4S
ios	eq	15.4M
ios	eq	15.4SN
ios	eq	15.3JN
ios	eq	12.4JAP

Rows per page:

1-10 of 861

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

56.2%

JSON

Related for CISCO-SA-20150325-MDNS